add check_https_valid, adjust executable

2024-09-26 19:18:15 -06:00 · 2024-09-26 19:18:15 -06:00 · 28909ae35f
parent dafd6236bc
commit 28909ae35f
2 changed files with 91 additions and 0 deletions
--- a/check_file_exists.sh
+++ b/check_file_exists.sh
--- a/check_https_valid.sh
+++ b/check_https_valid.sh
@ -0,0 +1,91 @@
+#!/bin/bash
+
+while getopts ":u:" opt; do
+  case $opt in
+    u)
+      url="$OPTARG"
+      ;;
+    \?)
+      echo "Invalid option: -$OPTARG" >&2
+      exit 3
+      ;;
+    :)
+      echo "Option -$OPTARG requires an argument." >&2
+      exit 3
+      ;;
+  esac
+done
+
+if [ -z "$url" ]; then
+  echo "UNKNOWN - URL not specified. Use the -u option to provide a URL."
+  exit 3
+fi
+
+# Check if the URL starts with "https://"
+if [[ "$url" != "https://"* ]]; then
+  echo "UNKNOWN - Invalid URL. The URL must start with 'https://'."
+  exit 3
+fi
+
+# Extract the hostname and port from the URL
+hostname=$(echo "$url" | awk -F[/:] '{print $4}')
+port=$(echo "$url" | awk -F[/:] '{print $5}')
+
+if [ -z "$port" ]; then
+  port=443
+fi
+
+# Check SSL certificate validity
+ssl_output=$(curl -sSI --stderr - "$url" 2>&1)
+curl_exit_code=$?
+
+if [ $curl_exit_code -ne 0 ]; then
+  case $curl_exit_code in
+    6)
+      MSG="Could not resolve host for $url"
+      ;;
+    7)
+      MSG="Failed to connect to $url"
+      ;;
+    35)
+      MSG="SSL connect error for $url"
+      ;;
+    51)
+      MSG="SSL certificate verification failed for $url"
+      ;;
+    60)
+      MSG="SSL certificate cannot be authenticated with known CA certificates for $url"
+      ;;
+    *)
+      MSG="curl request failed with exit code $curl_exit_code for $url"
+      ;;
+  esac
+  echo "CRITICAL - $MSG"
+  exit 2
+fi
+
+# Check SSL certificate expiration date
+expiration_date=$(echo | openssl s_client -servername "$hostname" -connect "$hostname:$port" 2>/dev/null | openssl x509 -noout -enddate | cut -d "=" -f 2)
+
+if [ -z "$expiration_date" ]; then
+  echo "UNKNOWN - Failed to retrieve SSL certificate expiration date for $url"
+  exit 3
+fi
+
+expiration_timestamp=$(date -d "$expiration_date" +%s)
+current_timestamp=$(date +%s)
+
+if [ $expiration_timestamp -lt $current_timestamp ]; then
+  echo "CRITICAL - SSL certificate for $url has expired on $(date -d @$expiration_timestamp)"
+  exit 2
+fi
+
+days_remaining=$((($expiration_timestamp - $current_timestamp) / (60*60*24)))
+
+if [ $days_remaining -lt 30 ]; then
+  echo "WARNING - SSL certificate for $url is expiring on $(date -d @$expiration_timestamp) ($days_remaining days remaining)"
+  exit 1
+else
+  echo "OK - SSL certificate for $url is valid"
+  exit 0
+fi